Another day, another Ruby security bump.
Sigh.
Serious point - as Ruby seems to attract all the younger generation of programmers these days, and the current trend seems to be dev early, release early, security hole early, could this be turned around by more experienced hands joining the community?

You know, I'm grateful for all the CVEs lately. Every CVE means another attack vector that the good guys found, and I'm now protected against.

Evaluating the security of a framework is difficult, because not all frameworks receive the same level of scrutiny. I'm considering this Ruby's "Microsoft moment". We're at a period of time where a lot of people are scrutinizing popular Ruby projects like Rails and Rack. I'm hoping that the outcome of this will be:

* Many security vulnerabilities are found and patched

* More Ruby developers will consider security first, because that's what's in the news

Maybe I'm just a little pollyanna in the brain, but there's good work being done in Ruby right now.

Sigh, another day, another post from you bashing the "ruby community". You got your message across - ruby sucks, you're migrating to php, good for you! I've read like 15 posts from you saying the exact same thing. Please, enough already!

I'd agree that, in the ruby community in general, or at least the English-speaking ruby community, general cultural values seem to be "dev early, release early, security hole early". Valuing innovation and release-often over stability/reliability. There are certainly some projects/developers that go against this cultural norm, but we are certainly not the first to recognize it as a general cultural norm in rubydom (and it's got benefits as well as disadvantages).

I'm going against my better judgement in trying to critically engage you, but what's your background? Are you a security researcher? Have you audited Django? Have you read the Python source code? Why do you think a given language community is going to be more secure than another? Is security one of the tenets of Python?